
Cyber Insurance - Setting the scene - The Scene


© Koen Van Loo

Cyber Insurance

Setting the scene

Koen Van Loo


Who am I?

Koen Van Loo

https://about.me/koenvanloo

2004-2016 CIO @ ADMB

2007-2016 CISO @ ADMB

Follow me on @kvl0 (i.e. K-V-L-Zero)

Ask your questions!


A Cyberwar is going on...


http://newsmonkey.be/article/66658


Trends in four data breach cost components


Ponemon Institute© Research Report


Question 1

How many organisations have done a Security Audit/Assessment?


Question 2

How many organisations have a Cybercrime Insurance?


What is a Cyber Insurance?

Cyber-insurance is an insurance product used to protect businesses and individual users from Internet-based risks, and more generally from risks relating to information technology infrastructure and activities.


What is Cyber crime?


Business Disruption and Misuse: DDOS, Malware, Software Piracy, Espionage, Extortion

Online Scams: Phishing, Spear Phishing, Pharming, Spoofing, Purchase Fraud

Theft and Fraud: Identity Theft, Theft from Business, IP Theft, Customer Data Theft, Fiscal Fraud

https://www.be.capgemini.com/resource-file-access/resource/pdf/Using_Insurance_to_Mitigate_Cybercrime_Risk.pdf


Quote


Traditional insurance is based on sometimes hundreds of years of historical data. They can look back, see where the losses came from, and they price accordingly. ... The (cyber) market is still very, very juvenile.

Garrett Droege, a cyberinsurance leader


Prevention vs Protection


Quote

Now into its third major phase of development, cyber insurance is no replacement for robust IT security.

However, it has an important role to play as part of a holistic risk management strategy, creating a second line of defense to mitigate cyber incidents.

Cyber insurance continues to evolve


Quote

Mandatory data breach notification regulations are in part a driver for Cyber Liability Insurance Cover as the costs of notifying affected users can be extremely high.


Cyber and professional indemnity insurance


Who’s buying?


Why no disaster recovery plan?

• Haven't thought about it

• A data disaster could not happen

• Withstand disaster without financial loss

• The perception that disaster plans are too costly to implement

(Results from a Carbonite study)

https://www.flickr.com/photos/2top/9571794304


Questions to ask

• What security controls can you put into place that will reduce the premium?

• What assistance is provided to improve information governance and information security?

• What and how big a difference to your future premiums will a claim make?

• The security / protection industry is very fast changing, how can the insurance ensure that your policy is current?

• Are malicious acts by employees covered?

• Although ignorance of the law is no excuse, we are just not able to keep up with all the compliance issues that may affect all the territories our company works in, would you refuse a claim if you were processing data that may contravene laws in one country but not another – because insurance policies often stipulate that you must not be breaking the law?

• What about the limitations?

• Could you claim if you were not able to detect an intrusion until several months or years have elapsed, so you are outside the period of the cover, (as with the Red October malware which was discovered after about five years)?

• ...


Cybersecurity Assessment

https://www.flickr.com/photos/acousticskyy/4395455002


Thank you!

And stay secure...
